STAGING · preview build — not the live site

wiki / homelab-network-map

Homelab network map

The lab is deliberately boring at the network layer so the experiments can be exciting at the service layer.

VLANs

VLANPurposeNotes
10Trusted LANpeople devices only
20Serversthe rack, wired only
30IoT quarantineno east-west, egress-filtered
66Pentest labfully isolated, see Pentest lab on one box

Core services

  • Reverse proxy with wildcard TLS terminating everything on VLAN 20
  • Internal DNS with split-horizon so lab names never leak
  • Nightly config backups to a box that is not in the rack

The one rule

Nothing gets a static config that isn't in the git repo. If a service can't be rebuilt from the repo in an afternoon, it doesn't belong in the rack — a lesson paid for twice, receipts in Bench failure log.